Scenario:

Registered domain xyz.com with Google Apps for Business
Created user infra@xyz.com, using which created a project on Google Cloud Platform
Created a bucket on Google Cloud Storage
Under bucket on Google Cloud Platform Console, in Edit Bucket Permissions added following 3 users under Name, with Entity = User & Access = Writer
- user1@xyz.com (user created in the same Google Apps for Business)
- user2@gmail.com (user created on Gmail)
- user3@abc.com (user created on different Google Apps for Business)
Users try to access the bucket using https://console.cloud.google.com/storage/browser/xyz-com/?project=xyz-com

Issue:

user1@xyz.com was able to get the bucket listing, but it failed for user2@gmail.com & user3@abc.com. Which means any user outside Google Apps for Business is unable to access the bucket in-spite of giving explicit bucket permission.

Though I read and tried for a day, could not find any solution for the issue. Please help

Best Answer

Thanks Brandan Yarbrough, for the suggestion, which worked.

user1@xyz.com was able to access the bucket using the URL https://console.cloud.google.com/storage/browser/xyz-com/?project=xyz-com as it had rights to the Google Cloud Platform project xyz-com, while other users could not access it for they did not have right to the project.Thus removing ?project=xyz-com did the trick for those users.

Conclusion: always use the URL https://console.cloud.google.com/storage/browser/<bucket name>/ (without ?project=<project name>) to access the bucket

Giving access on google cloud storage to users outside Google Apps domain

Scenario:

Issue:

Best Answer

Related Topic

Scenario:

Issue:

Best Answer

Related Solutions

How to access a google cloud storage bucket using a service account from the command line

Permission errors using gcsfuse as nonroot user on google compute instance

Related Topic